WSUS Configuration Audit

View WSUS Configuration Settings

Organizations use WSUS to manage when devices receive updates and also how potential system reboots are scheduled. By using WSUS, organizations ensure that the right updates are sent to devices at the right time. Due to potential issues with windows updates, updating all your devices at the same time might not be the best setup. By utilizing the options that WSUS provides, you can ensure your updates run smoothly.

The report below uses the Windows update registry keys to provide you an overview of all your assets along with the settings they have for WSUS. If you're interested in more ways to efficiently Windows updates you can take a look at the related Windows Server Update Services blog post.

Before running the audit, add the Windows update registry keys to your custom registry scanning.

WSUS Configuration Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.Version,
tblAssets.SP,
SubQuery1.AcceptTrustedPublisherCerts,
SubQuery2.DisableWindowsUpdateAccess,
SubQuery3.ElevateNonAdmins,
SubQuery4.TargetGroup,
SubQuery5.TargetGroupEnabled,
SubQuery6.WUServer,
SubQuery7.WUStatusServer,
Case
When TsysLastscan.Lasttime < GetDate() - 1 Then
'Last registry scan more than 24 hours ago! Information may not be up-to-date. Try rescanning this machine.'
End As Comment,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
TsysLastscan.Lasttime As LastRegistryScan,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID
Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Value As AcceptTrustedPublisherCerts
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Microsoft\Windows\WindowsUpdate' And
tblRegistry.Valuename = 'AcceptTrustedPublisherCerts') SubQuery1
On SubQuery1.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Value As DisableWindowsUpdateAccess
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Microsoft\Windows\WindowsUpdate' And
tblRegistry.Valuename = 'DisableWindowsUpdateAccess') SubQuery2 On
SubQuery2.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Value As ElevateNonAdmins
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Microsoft\Windows\WindowsUpdate' And
tblRegistry.Valuename = 'ElevateNonAdmins') SubQuery3 On
SubQuery3.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Value As TargetGroup
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Microsoft\Windows\WindowsUpdate' And
tblRegistry.Valuename = 'TargetGroup') SubQuery4 On SubQuery4.AssetID =
tblAssets.AssetID
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Value As TargetGroupEnabled
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Microsoft\Windows\WindowsUpdate' And
tblRegistry.Valuename = 'TargetGroupEnabled') SubQuery5 On
SubQuery5.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Value As WUServer
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Microsoft\Windows\WindowsUpdate' And
tblRegistry.Valuename = 'WUServer') SubQuery6 On SubQuery6.AssetID =
tblAssets.AssetID
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Value As WUStatusServer
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Microsoft\Windows\WindowsUpdate' And
tblRegistry.Valuename = 'WUStatusServer') SubQuery7 On SubQuery7.AssetID =
tblAssets.AssetID
Where tblAssetCustom.State = 1 And TsysWaittime.CFGname = 'registry'
Order By tblAssets.Domain,
tblAssets.AssetName

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting